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What is Claimed is: 

1. A system for distributing digital documents having usage rights 
associated therewith, said system comprising: 

a server having at least one document stored thereon in computer 
readable form; 

a client having a standard application program including a rendering 
engine capable of rendering unencrypted documents for viewing; 

a communications network coupled to said client and said server; 

a rights management module module for receiving a request for at 
least one of the documents from said client and delivering the at least one 
document and a set of rights associated with the at least one document to 
said client; 

a connection module adapted to be attached to said rendering engine 
for receiving the list of rights associated with the at least one document; 

a user interface module adapted to be attached to said rendering 
engine for controlling access by the client to the at least one document in 
accordance with the set of rights associated with said at least one document. 

2. A system as recited in claim 1, wherein said connection module 
is operative to detect whether said user interface module is attached to said 
rendering engine and for providing the at least one of the documents to said 
rendering engine if said user interface module is attached to said rendering 
drive. 

3. A system as recited in claim 2, wherein said connection module 
is operative to unencrypt the at least one of the documents. 
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4. A system as recited in claim 2, wherein said standard 
application program is a Web browser and said server includes an HTTP 
server. 

5. A system as recited in claim 4, wherein said connection module 
and said user interface module attach to the rendering engine of the Web 
browser using at least one of ActiveX controls and plug-in technology. 

6. A system as recited in claim 4, wherein said rights, management 
module comprises means for pointing to a start Web page stored on said 
server, and means for encrypting said means for pointing and wherein said 
connection module comprises means for unencrypting said means for 
pointing and wherein said system further comprises means for generating a 
secure start Web page which references said connection module and said 
means for pointing. 

7. A system as recited in claim 4, wherein said connection module 
comprises means for generating a signature and said rights, management 
module comprises means for validating the signature, and wherein a request 
to said server is honored only if the signature is present and valid. 

8. A method for distributing digital documents having one or more 
usage rights associated therewith, said method comprising the steps of: 

storing at least one document on a server in computer readable form; 

accessing the server with a client having a standard application 
program including a rendering engine capable of rendering unencrypted 
documents; 

receiving a request for at least one of the documents from the client; 

delivering the at least one of the documents and a set of rights 
associated with the at least one of the documents to the client; 
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receiving the list of rights associated with the at least one of the 
documents with a connection module attached to the rendering engine; 

controlling access by the client to the at least one of the documents in 
accordance with the set of rights associated with the at least one of the 
5 documents through a user interface module attached to the rendering engine. 

9. A method as recited in claim 8, further comprising the step of 
unencrypting the at least one of the documents. 

10. A method as recited in claim 8, further comprising the steps of 
detecting whether the user interface module is attached to the rendering 

10 engine and providing the at least one document to the rendering engine if the 
user interface module is attached to the rendering drive. 

11. A method as recited in claim 10, wherein said step of detecting 
further comprises determining whether said rendering engine has been 
compromised. 

15 12. A method as recited in claim 10, wherein said standard 

application program is a Web browser and said server includes HTTP server 
software. 

13. A method as recited in claim 12, further comprising the steps of 
providing a pointer on the server to a start Web page stored on the server, 

20 encrypting the pointer, generating a secure start Web page on the server 
which references the pointer, providing access to the secure start Web page 
through the Web browser, and unencrypting the pointer on the client to 
provide the Web browser access to the start Web page on the server. 

14. A method as recited in claim 12, further comprising the steps of 
25 generating a signature with the client, transmitting the signature to the server 

with a request to the server, validating the signature with the server, and 
honoring the request only if the signature is present and valid. 
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15. In a computer architecture including a server having documents 
stored thereon, a start page for accessing the documents, and a client 
running an application program having a rendering engine, a method of 
distributing documents comprising the steps of: 

installing a rights management module on the server; 

attaching a user interface module and a connection module to the 
rendering engine; 

creating a secure start page on the server; 

placing the documents in directory; 

programming the rights management module to include a pointer to the 
directory; 

encrypting an address to the directory. 

modifying the secure interface display to reference the user interface 
module and the start page; and 

unencrypting the address to the directory with the connection module 
to permit access to the start page and the documents on the server. 

16. A method as recited in claim 15, wherein the server includes 
HTTP server software, wherein the application program is a Web browser, 
wherein the secure interface display is a secure start Web page and wherein 
the address to the directory is in the form of a URL. 

17. A method as recited in claim 16, further comprising the steps of: 



accessing the secure start Web page by issuing a URL to the 



start page; 



directing the user interface module to the start page through the 
reference to the start page in the secure start Web page; 
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creating an instance of the rendering engine; 

loading the start page in the instance of the rendering engine to 
display the start page on the client; 

directing the instance of the rendering engine, under control of 
the user interface module, to retrieve one or more of the documents 
from the server. 

18. A method as recited in claim 16, wherein said step of 
directing the instance comprises the steps of intercepting commands 
from the Web browser with the user interface module and redirecting 
the commands through the connection module on the server. 

19. A method as recited in claim 16, wherein said step of 
redirecting comprises the steps of instructing the instance to utilize a 
secure asynchronous protocol through the connection module. 

20. A method as recited in claim 16, further comprising the 
steps of validating, with the connection module, that the user interface 
module is attached to the rendering engine and permitting the client to 
connect to the server only if the validation step is positive. 
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